Help Center> > API Reference> Preparing the Environment> Obtaining Request Authentication Information

Obtaining Request Authentication Information

Updated at: May 10, 2019 17:44

You can use either of the following authentication methods to call APIs:

  • Token authentication: Requests are authenticated using tokens.
  • Access key ID (AK) and secret key (SK) authentication: Requests are encrypted using the AK and SK. AK/SK authentication is recommended because it provides higher security than token authentication.

Token Authentication

If you use a token for authentication, you must obtain your token and add X-Auth-Token to the headers of API requests.

  1. Send POST https://IAM endpoint/v3/auth/tokens.

    To obtain the endpoints of Identity and Access Management (IAM), see Regions and Endpoints.

    An example request is as follows:

    The italic words in the following example need to be replaced with the actual values. For details, see Obtaining a User Token.

      "auth": {
        "identity": {
          "methods": [
          "password": {
            "user": {
              "name": "Username",
              "password": "******",
              "domain": {
                "name": "Domain name"
        "scope": {
          "project": {
             "name": "xxxxx" //Project name. xxxxx is used as an example.

  2. Obtain the token. The value of X-Subject-Token in the response header is the token value.
  3. Call a service API and add X-Auth-Token to the request header. The value of X-Auth-Token is set to the token obtained in 2.

AK/SK Authentication

Use the AK/SK encryption method to verify the identity of a request sender. If you use the AK/SK for authentication, you must obtain the signature through the request signing process and add the signature to the headers of API requests.


AK: indicates the access key ID. It is the unique ID associated with the SK. AK is used together with SK to sign requests.

SK: indicates the secret access key. It is used together with the AK to sign requests. They can identify request senders and prevent requests from being modified.

The following uses a demo to show how to sign a request and how to use an HTTP client to send an HTTPS request:

Demo download address:

If you do not need the demo project, obtain the API gateway signature tool and reference it in other projects.

Tool download address:

Decompress the downloaded package to obtain a .jar file. Add the decompressed .jar file to the dependency path, as shown in the following figure.

Figure 1 Importing a .jar file

  1. Obtain an AK/SK file. If an AK/SK file has been obtained, skip this step and find the AK/SK file that has been downloaded. Generally, the file name is credentials.csv.

    1. Sign up and log in to the management console.
    2. Click the username and choose My Credential from the drop-down list.
    1. Click Access Credentials.
    2. Click Add Access Key. The Add Access Key page is displayed.
    3. Enter the password used for the current login.
    4. Enter the authentication code received in the email or mobile phone.

      For users created in IAM, if no email address or mobile number is specified during user creation, only the login password needs to be authenticated.

    5. Click OK to download the access key.

      Keep the AK secure to prevent it from being leaked.

  2. Download the demo project package and decompress it.
  3. Import the demo project to Eclipse.

    Figure 2 Selecting an existing project
    Figure 3 Selecting the demo project after decompression
    Figure 4 Structure of the project after a successful import

  4. Sign the request.

    The signing method is integrated into the .jar file added in 3. Before sending the request, sign the requested content. The signature obtained is included in the HTTP header of the request.

    The code is categorized into three classes:

    • AccessService: indicates an abstract class that converts the GET, POST, PUT, and DELETE methods into access methods.
    • Demo: indicates the execution entry for simulating GET, POST, PUT, and DELETE requests.
    • AccessServiceImpl: indicates the implementation of an access method. The code required for API gateway communication is included in the access method.
    1. Edit the main method in the file.

      Replace the bold texts with actual values. If you use other methods, such as POST, PUT, and DELETE, see the corresponding annotations.

      Replace the region, serviceName, AK/SK, and URL. The URL for obtaining the VPC is used in the demo as an example.

      For details about how to obtain the project_id in the URL, see Obtaining a Project ID. For details about how to obtain the endpoint, see Regions and Endpoints.

      //TODO: Replace region with the name of the region in which the service to be accessed is located. 
      private static final String region = "";
      //TODO: Replace vpc with the name of the service you want to access. For example, ecs, vpc, iam, and elb.
      private static final String serviceName = "";
      public static void main(String[] args) throws UnsupportedEncodingException
      //TODO: Replace the AK and SK with those obtained on the My Credential page.
      String ak = "ZIRRKMTWP******1WKNKB";
      String sk = "Us0mdMNHk******YrRCnW0ecfzl";
      //TODO: To specify a project ID (multi-project scenarios), add the X-Project-Id header.
      //TODO: To access a global service, such as IAM, DNS, CDN, and TMS, add the X-Domain-Id header to specify an account ID.
      //TODO: To add a header, find "Add special headers" in the file.
      //TODO: Test the API
      String url = "https://{Endpoint}/v1/{project_id}/vpcs";
      get(ak, sk, url);
      //TODO: When creating a VPC, replace {project_id} in postUrl with the actual value.
      //String postUrl = "https://serviceEndpoint/v1/{project_id}/cloudservers";
      //String postbody ="{\"vpc\": {\"name\": \"vpc\",\"cidr\": \"\"}}";
      //post(ak, sk, postUrl, postbody);
      //TODO: When querying a VPC, replace {project_id} in url with the actual value.
      //String url = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //get(ak, sk, url);
      //TODO: When updating a VPC, replace {project_id} and {vpc_id} in putUrl with the actual values.
      //String putUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //String putbody ="{\"vpc\":{\"name\": \"vpc1\",\"cidr\": \"\"}}";
      //put(ak, sk, putUrl, putbody);
      //TODO: When deleting a VPC, replace {project_id} and {vpc_id} in deleteUrl with the actual values.
      //String deleteUrl = "https://serviceEndpoint/v1/{project_id}/vpcs/{vpc_id}";
      //delete(ak, sk, deleteUrl);
    2. Compile and run the API calling code.

      Find in the left pane of the Package Explorer, right-click, and choose Run AS > Java Application.

      View the API call logs on the console.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel